CVE-2016-0794

CVSS V2 High 9.3 CVSS V3 High 7.8
Description
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.
Overview
  • CVE ID
  • CVE-2016-0794
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2016-02-18T21:59:01
  • Last Modified Date
  • 2023-02-12T23:16:08
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:* 1 OR 5.0.3
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.8
  • Impact Score
  • 5.9
History
Created Old Value New Value Data Type Notes
2022-05-10 18:52:41 Added to TrackCVE
2022-12-02 08:25:40 2016-02-18T21:59Z 2016-02-18T21:59:01 CVE Published Date updated
2022-12-02 08:25:40 2018-01-05T02:30:30 CVE Modified Date updated
2022-12-02 08:25:40 Modified Vulnerability Status updated
2023-02-02 22:06:02 2023-02-02T21:16:17 CVE Modified Date updated
2023-02-02 22:06:03 The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. Description updated
2023-02-02 22:06:06 References updated
2023-02-13 01:06:30 2023-02-12T23:16:08 CVE Modified Date updated
2023-02-13 01:06:30 Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. Description updated